CENTRAL LAKE, Michigan: Researchers stated Saturday (July 3) that a ransomware attack on a US IT firm could have affected 1,000 businesses, with one of Sweden’s largest grocery chains disclosing it had to temporarily close approximately 800 locations after losing access to its checkouts. Kaseya stated late Friday that the attack had been limited to “a very tiny number of our customers” who used its distinctive VSA software – “currently estimated at fewer than 40 worldwide.”
However, Huntress Labs, a cybersecurity firm, revealed in a Reddit thread that it was working with partners who had been targeted in the attack and that the software had been changed “to encrypt more than 1,000 companies.”
The files of the damaged businesses were encrypted, and electronic messages were left demanding ransom payments in the thousands or millions of dollars.
President Joe Biden announced on Saturday that he has asked US intelligence agencies to look into the attack’s perpetrators.
The newest ransomware outbreak, according to Huntress Labs, was caused by the Russia-linked REvil ransomware organization. The FBI blamed the same group for paralyzing meat packer JBS last month.
While shopping for pies at a cherry orchard market in Michigan to promote his vaccination program, Biden was asked about the hack.
“We’re not sure” who is behind the attack, Biden said, adding, “The original thinking was it wasn’t the Russian government but we’re not sure yet.”
Biden stated that he has authorized US intelligence services to investigate, and that if they decide that Russia is responsible, the US will respond.
Biden asked Russian President Vladimir Putin to crack down on cyber hackers operating out of Russia during a summit in Geneva on June 16, and warned of dire consequences if ransomware attacks continued to spread.
Biden stated that he would be briefed on the latest attack on Sunday.
“I told Putin we will respond if it is with Russia’s knowledge and/or as a result of Russia,” Biden added, alluding to what he told Putin in Geneva.
The hackers who struck on Friday took control of widely used technology management software from Kaseya, a Miami-based company. They modified a Kaseya product known as VSA, which is used by organizations that manage technology for small businesses. They then encrypted the files of those providers' customers at the same time.
Huntress said it was tracking eight managed service providers who had infected 200 clients.
On Friday, Kaseya said it was looking into a “possible attack” on VSA, which is used by IT professionals to manage servers, workstations, network devices, and printers.
“This is a gigantic and destructive supply chain assault,” Huntress senior security researcher John Hammond wrote in an email, referring to a hacker approach that involves hijacking one piece of software to compromise hundreds or thousands of users at once.
The US Cybersecurity and Infrastructure Security Agency said in a statement on Friday that it was “taking steps to understand and mitigate the recent supply-chain ransomware threat” against Kaseya’s VSA software.
According to Coop, one of Sweden’s largest grocery chains, the attack disrupted a program used to remotely update its checkout tills, preventing payments from being processed.
“We’ve been troubleshooting and restoring all night,” Coop spokesman Therese Knapp told Swedish Television. “But we’ve conveyed that we’ll need to keep the stores closed today.”
According to TT, Kaseya technology was used by Visma Esscom, a Swedish company that administers servers and devices for a number of Swedish businesses. Services on the state railways and at a pharmacy chain were also disrupted.
Visma Esscom chief executive Fabian Mogren told TT, “They have been struck in varied degrees.”
The attack, according to Swedish Defense Minister Peter Hultqvist, was “extremely risky” and demonstrated how businesses and government organizations needed to strengthen their readiness.
“In a different geopolitical environment, government players might attack us in this fashion to bring society to a halt and create anarchy,” he warned.
After the US accused hackers of working for the Russian government and tampering with a network monitoring tool developed by Texas software firm SolarWinds, supply chain threats have risen to the top of the cybersecurity agenda.
Russian agents accused of intervening in the 2016 US presidential election have spent most of the last two years exploiting virtual private networks (VPNs) to target hundreds of organizations throughout the world, according to US and British authorities. The Russian embassy in Washington refuted the accusation on Friday.